There is apparently a new worm to follow on the heels of the Rame and Lion worms. "Adore is a worm that we originally called the Red Worm. It is similar to the Ramen and Lion worms. Adore scans the Internet checking Linux hosts to determine whether they are vulnerable to any of the following well-known exploits: LPRng, rpc-statd, wu-ftpd and BIND. LPRng is installed by default on Red Hat 7.0 systems. From the reports so far, Adore appears to have started its spread on April 1.. . .

If you want to break into a house, why spend time prying open the front door if the back door is wide open? Same goes when breaking into computer networks. Most networks and servers are set up with configuration errors that . . .

Lion is a new worm, that is very similar to the Ramen worm. However, this worm is much more dangerous and should be taken seriously. It infects Linux machines with the BIND DNS server running. It is known to infect BIND version(s) 8.2, 8.2-P1, 8.2.1, 8.2.2-Px. BIND 8.2.3-REL and BIND 9 are not vulnerable. The BIND vulnerability is the TSIG vulnerability that was reported back on January 29, 2001.. . .

It took the intruder less than a minute to break into the university's computer via the Internet, and he stayed less than a half an hour. Yet finding out what he did in that time took researchers, on average, more than 34 hours each.. . .

Intrusion detection forms an increasingly important segment of the security technology market. While intrusion detection systems were, until recently, both expensive and difficult to maintain, they have become more affordable. With the arrival of less expensive off-the-shelf solutions, IDSs are becoming . . .

System administrators who rely on intrusion detection systems to snag malicious hacker trying to break into their system may actually be lulling themselves into a false sense of security, the government's security watchdog warned today. The National Infrastructure Protection Center (NIPC), . . .

The question that often comes up is what to do about it. Unless it's a financial or safety issue, it's probably going to get laughed at by the legal authorities, but it's worth reporting. .. We'll not go into detecting . . .

Toby Miller has written an analysis of the KNARK rootkit: "The purpose of this paper is to identify signatures related to the KNARK rootkit. This paper does not show how to install the rootkit nor does it make any comparisons . . .

A couple of Boston-area companies think they've found a way to control a common and devastating form of computer vandalism. Now the two firms are racing to get their sophisticated hardware and software into hundreds of key Internet chokepoints.. . .

A brief description of port sentry and snort. "A port scan detector that can be configured to bind to ports you want monitored, reporting scans made to these ports and optionally running a command to deal with the scanning host . . .